Information can be put into dmi tables via some qemu-system hosts (x86_64 and aarch64). That information is exposed in Linux under /sys/class/dmi/id and can be read with dmidecode. The names are very annoyingly inconsistent. The point of this doc is to map them.
example of using Ubuntu cloud images with virtualbox
cloud-init ubuntu nocloud example with network config
In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump),
add a user for this specific purpose.
We have an internal openstack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" ip (floating ip). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done either with:
a.) just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal.
b.) assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.
So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.
Recently I have had the opportunity/necessity to use Windows for a bit. Windows, especially
with WSL (Windows Subsystem for Linux), is much better than it used to be. One thing
that I really liked was "suspend to hibernate".
When closing the lid on the laptop, the system would suspend, and then after some time
it would power off. This is really nice behavior for someone who often comes to find
that a laptop they suspended a couple of days ago has no power.
So... How to do that on linux? Specifically Ubuntu 22.04
catch-fail - trap failure and sleep so as to enter a melange build for debug
catch-fail - trap and sleep to enter a melange build for debug
Usage: catch-fail op
catch-fail is used to help debug a melange build. In a 'run' section
you can add at the top:
eval $(/home/build/catch-fail eval-trap 1h)
stubby talk at All Systems Go conference September 2023.
All Systems Go 2023: Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative
This talk was given 2023-09-14 in Berlin at the All Systems Go 2023 conference.
It is available online from all-systems-go conference here.
Abstract
Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.
System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.
It is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of benefits that Secureboot and TPM provide.
A change in process at work meant that internal IT would be managing my work-provided laptop.
While I do not expect management to leak any personal sensitive data that was on the machine,
it does represent an increase in the potential for such a thing to happen.
I bought a Yubikey (5c).
The goal was to store "personal" GPG and SSH credentials on the yubikey so that they
would not be available to a compromised system, or inadvertently get backed up.
The setup seems to work pretty well. Here is what I did.
lp-add-user: add a local user by launchpad or github name and import keys. lp-authorized-keys: use AuthorizedKeysCommand to let user in.
lp-add-user or github-add-user
Add a local user to the system and populate the user's ssh authorized keys to contain the keys on github or launchpad.
usage: lp-add-user [-h] [--dry-run] [--sudo] [--verbose] user [ruser]
Add a user with, keys from launchpad or github.
positional arguments:
user the local username
ruser the launchpad username (default to lp:). Format is